DNS Security And Defence

With the fast development of Internet, it brings up lots of advantage and facility in our work and living environment, such as E-mail, E-business and E-Government. But we should notice that it has secure hidden trouble because lots of private files and data were transported in Internet.DNS (Domain Name System) is one of the most important component of Internet and the precondition of the implement to the network application, which not only takes charge of the transfer between IP address and domain name, but also takes on mail exchange and lots of other services. DNS adopts the distributed database structure, and works on the client/server (C/S) way, which saves zone information on the server, and allow client to request the needed data. With the development of Internet network application and business, the network attack events have happened more and more frequently on Internet, DNS system has suffered from a series of attack. It badly effected the communication of Internet. In some serious condition, that attacker intercept and decode the secret data through DNS spoof bring huge loss to corporation or institution. Therefor more and more people begin to pay attention to the security problem of DNS.At the beginning, the paper analyses the origin and process of DNS system, comprehends the actuality of DNS system of the national IP net, and introduces the several common technology about network security. And then comprehend the work theory study the DNS construction and query process of DNS system through analyzing the DNS construction and query process, expatiate the DNS configuration in the Linux experiment environment and make the press testing. Then through a series of experiment, the paper research presently the DNS system faced the security questions, and find out the reasons that make the DNS been attacked easily. Under the security questions discuss, the paper stress on the different DNS security to bring out corresponding solutions,including BIND security configuarion and iptables policy brings into effect. Then the paper expatiates on the design of DNS network management security system, pay more attention on the dns host performance inspection and the centralized trouble manager module. At last, prospect DNS security performance, sum up DNSSEC advantage and deficiency of DNSSEC. And get the illumination of the NxDomain guide service according to the secure hole, and briefly introduce this service.The article describes following parts:1 .Analysis DNS work theory.2．Set up testing envornment,carry through DNS security and performance test.3．Analysis log file to get the way of DNS attack.4．Bring forward the solution of DNS security questions.5．Design and implement DNS netwok security management system.DNS network security management not only help operator improve work efficiency, reduce trouble happen and shorten the time that DNS Server needed system and people to maintain, but also ensure to build a high efficient and secure network environment.In order to satisfy the next generation network development, especially the disposal capability and security performance, DNS needs to make progress to the next generation technology.